Atomic Secure Multi-party Multiplication with Low Communication

We consider the standard secure multi-party multiplication protocol due to M. Rabin. This protocol is based on Shamir’s secret sharing scheme and it can be viewed as a practical variation on one of the central techniques in the foundational results of Ben-Or, Goldwasser, and Wigderson and Chaum, Crépeau, and Damgaard on secure multi-party computation. Rabin’s idea is a key ingredient to virtually all practical protocols in threshold cryptography.

Given a passive

t

-adversary in the secure channels model with synchronous communication, for example, secure multiplication of two secret-shared elements from a finite field

K

based on this idea uses one communication round and has the network exchange

O

(

n

2

) field elements, if

t

 = Θ(

n

) and

t

 < 

n

/2 and if

n

is the number of players. This is because each of

O

(

n

) players must perform Shamir secret sharing as part of the protocol. This paper demonstrates that under a few restrictions much more efficient protocols are possible; even at the level of a single multiplication.

We demonstrate a twist on Rabin’s idea that enables one-round secure multiplication

with just O

(

n

)

bandwidth

in certain settings, thus reducing it from quadratic to linear. The ideas involved can additionally be employed in the evaluation of arithmetic circuits, where under appropriate circumstances similar efficiency gains can be obtained.